Information Security Manager- GRC

Company / Location Information

We are one of the leading manufacturers of water heating and water treatment technologies in the world. We are a $3.9 billion company with 150-year history and we employ more than 12,000 individuals globally who pride themselves on providing the world with innovative water technology. We are committed to Continuous Improvement, not just in our factories or processes, but in our people.

Primary Function

The Information Security Governance, Risk, and Compliance Manager will be responsible for managing activities related to monitoring, reporting, and raising awareness regarding third-party and internal information security control risks. The focus will be on supporting the security direction of our business and elevating our company’s security posture. The Information Security Governance, Risk, and Compliance Manager will play a key role in ensuring compliance with standards and regulations while also driving information security risk awareness, management, and corporate resiliency.

Responsibilities

• Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
• Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
• Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
• Manage evaluate and update policies and procedures as appropriate.
• Analyze findings, and document, recommend and report program gaps to security leadership.
• Manage and develop metrics and scorecards to measure risk to the organization, as well as effectiveness and efficiency of services.
• Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
• Apply GRC expertise across key lines of business, including products, practices and procedures.
• Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes. Maintain rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts.
• Work in tandem with security, audit and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.
• Partner with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessments to mature monitoring and response capabilities.
• Lead and manage a team of analysts, including training, mentoring, conducting performance reviews, and exhibiting behaviors to be modeled by team members.
• Perform other duties as assigned.

 

Role Specific Responsibilities

Qualifications

• Bachelor’s degree in computer science or related field

• 8+ years of Information Security with a focus on governance, risk and compliance.

• Experience managing and developing people.

• Excellence in communicating business risk from cybersecurity issues.

• Experience driving measurable improvement in monitoring and response capabilities at scale.

 

 

PREFERRED QUALIFICATIONS

• Detailed knowledge of Third-Party risk management systems and processes.

Detailed knowledge of Information Security frameworks, such as NIST CSF or ISO

• Certification in one or more security related disciplines, such as GIAC, Security+, CISSP, or CISM.

 

Education

Baccalaureate in Related Field

Years of Experience

Minimum of 7 years of related work experience or training

We Offer

Competitive compensation package and comprehensive benefits plans which include medical and dental insurance, company-sponsored life insurance, retirement security savings plan, short- and long-term disability programs and tuition assistance.